[SECURITY] gd: CVE-2014-2497

Yaakov Selkowitz yselkowitz@cygwin.com
Tue Jan 20 17:06:00 GMT 2015

On Mon, 2015-01-19 at 23:38 -0600, Yaakov Selkowitz wrote:
> Dr. Volker Zell,
> A security vulnerability has been made public for gd.  Could you please:
> 1) port this patch to 2.0.36RC1, for the benefit of those package
> currently linked against libgd2:
> http://git.php.net/?p=php-src.git;a=patch;h=cf47536

Please consider the attached.

> 2) AND could you bump gd to 2.1.1, which already includes this fix, from
> its new home at http://libgd.bitbucket.org/ so we can move on to the
> currently supported code base for future builds?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: gd-2.0.36RC1-CVE-2014-2497.patch
Type: text/x-patch
Size: 874 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-apps/attachments/20150120/b2f37fe6/attachment.bin>

More information about the Cygwin-apps mailing list